Fortinet Document Library

Cookbook

6.2.0

Fragmenting IP packets before IPsec encapsulation

The ip-fragmentation command controls packet fragmentation before IPsec encapsulation, which can reduce packet loss in some environments.

The following options are available for the ip-fragmentation variable.

Option                              Description
pre-encapsulation                   Fragment before IPsec encapsulation.
post-encapsulation (default value)  Fragment after IPsec encapsulation (RFC compliant).

To configure packet fragmentation using the CLI:

config vpn ipsec phase1-interface
    edit "demo"
        set interface "port1"
        set authmethod signature
        set peertype any
        set net-device enable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set ip-fragmentation pre-encapsulation
        set remote-gw 172.16.200.4
        set certificate "Fortinet_Factory"
    next
end
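
As an added illustration (not Fortinet code or output), the following Python model compares the packet sizes each ip-fragmentation option puts on the wire for a 1500-byte inner packet. It assumes a 1500-byte path MTU, IPv4 without options, and ESP tunnel mode with AES-CBC and HMAC-SHA-256-128, in line with the aes128-sha256 proposal above; all function names are hypothetical.

```python
# Added illustration: a simplified size model, not FortiOS code.
# Assumptions (not from the page): 1500-byte path MTU, IPv4 without options,
# ESP tunnel mode, AES-CBC (16-byte IV and block), HMAC-SHA-256-128 (16-byte ICV).
IP_HDR, ESP_HDR, IV, ICV, BLOCK, TRAILER = 20, 8, 16, 16, 16, 2

def esp_packet_len(inner_len):
    """Size of the outer IPv4 packet carrying one ESP-encapsulated inner packet."""
    padded = -(-(inner_len + TRAILER) // BLOCK) * BLOCK  # round up to a cipher block
    return IP_HDR + ESP_HDR + IV + padded + ICV

def ipv4_fragments(packet_len, mtu):
    """Total lengths of the IPv4 fragments of a packet (one entry if it fits)."""
    if packet_len <= mtu:
        return [packet_len]
    chunk = (mtu - IP_HDR) // 8 * 8  # non-final fragment payloads are multiples of 8
    payload = packet_len - IP_HDR
    sizes = []
    while payload > 0:
        take = min(chunk, payload)
        sizes.append(take + IP_HDR)
        payload -= take
    return sizes

def max_inner_len(mtu):
    """Largest inner packet whose ESP packet still fits in the MTU."""
    room = (mtu - IP_HDR - ESP_HDR - IV - ICV) // BLOCK * BLOCK
    return room - TRAILER

def post_encapsulation(inner_len, mtu=1500):
    """Encapsulate first, then fragment: returns outer IP fragment sizes."""
    return ipv4_fragments(esp_packet_len(inner_len), mtu)

def pre_encapsulation(inner_len, mtu=1500):
    """Fragment the inner packet first, then encapsulate each fragment."""
    inner = ipv4_fragments(inner_len, max_inner_len(mtu))
    return [esp_packet_len(n) for n in inner]

if __name__ == "__main__":
    print("post-encapsulation:", post_encapsulation(1500))
    print("pre-encapsulation: ", pre_encapsulation(1500))
```

In this model, post-encapsulation yields the outer IP fragments of a single ESP packet, which the peer must reassemble before it can authenticate and decrypt. Pre-encapsulation yields complete ESP packets, each no larger than the MTU.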
